Re: [PATCH v33 01/21] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits

2020-06-24 Thread Jarkko Sakkinen 
On Mon, Jun 22, 2020 at 07:37:11PM +0200, Borislav Petkov wrote:
> On Thu, Jun 18, 2020 at 01:08:23AM +0300, Jarkko Sakkinen wrote:
> > From: Sean Christopherson 
> > 
> > Add X86_FEATURE_SGX from CPUID.(EAX=7, ECX=1), which informs whether the
> > CPU has SGX.
> > 
> > Add X86_FEATURE_SGX1 and X86_FEATURE_SGX2 from CPUID.(EAX=12H, ECX=0),
> > which describe the level of SGX support available [1].
> > 
> > Add IA32_FEATURE_CONTROL_SGX_ENABLE. BIOS can use this bit to opt-in SGX
> 
> I'm guessing that wants to be
> 
> IA32_FEATURE_CONTROL.SGX_ENABLE
> 
> judging by the diff and the SDM chapter.

Underscore must be just a typo.

> 
> > before locking the feature control MSR [2].
> > 
> > [1] Intel SDM: 36.7.2 Intel® SGX Resource Enumeration Leaves
> > [2] Intel SDM: 36.7.1 Intel® SGX Opt-In Configuration
> > 
> > Cc: Borislav Petkov 
> > Acked-by: Jethro Beekman 
> > Signed-off-by: Sean Christopherson 
> > Co-developed-by: Jarkko Sakkinen 
> > Signed-off-by: Jarkko Sakkinen 
> > ---
> >  arch/x86/include/asm/cpufeature.h|  5 +++--
> >  arch/x86/include/asm/cpufeatures.h   |  7 ++-
> >  arch/x86/include/asm/disabled-features.h | 18 +++---
> >  arch/x86/include/asm/msr-index.h |  1 +
> >  arch/x86/include/asm/required-features.h |  2 +-
> >  arch/x86/kernel/cpu/common.c |  4 
> >  tools/arch/x86/include/asm/cpufeatures.h |  7 ++-
> 
> Also, please drop this change to tools/, see
> 
> https://lkml.kernel.org/r/20200622141737.ga30...@kernel.org
> 
> from today.

OK I reverted it [*].

> With those addressed:
> 
> Reviewed-by: Borislav Petkov 

Thank you, I'll update this to the commit.

> 
> Thx.
> 
> -- 
> Regards/Gruss,
> Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette

[*] By "git diff -R HEAD~1 -- tools/arch/x86/include/asm/cpufeatures.h | patch 
-p1".

/Jarkko

Re: [PATCH v33 01/21] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits

2020-06-22 Thread Borislav Petkov 
On Thu, Jun 18, 2020 at 01:08:23AM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson 
> 
> Add X86_FEATURE_SGX from CPUID.(EAX=7, ECX=1), which informs whether the
> CPU has SGX.
> 
> Add X86_FEATURE_SGX1 and X86_FEATURE_SGX2 from CPUID.(EAX=12H, ECX=0),
> which describe the level of SGX support available [1].
> 
> Add IA32_FEATURE_CONTROL_SGX_ENABLE. BIOS can use this bit to opt-in SGX

I'm guessing that wants to be

IA32_FEATURE_CONTROL.SGX_ENABLE

judging by the diff and the SDM chapter.

> before locking the feature control MSR [2].
> 
> [1] Intel SDM: 36.7.2 Intel® SGX Resource Enumeration Leaves
> [2] Intel SDM: 36.7.1 Intel® SGX Opt-In Configuration
> 
> Cc: Borislav Petkov 
> Acked-by: Jethro Beekman 
> Signed-off-by: Sean Christopherson 
> Co-developed-by: Jarkko Sakkinen 
> Signed-off-by: Jarkko Sakkinen 
> ---
>  arch/x86/include/asm/cpufeature.h|  5 +++--
>  arch/x86/include/asm/cpufeatures.h   |  7 ++-
>  arch/x86/include/asm/disabled-features.h | 18 +++---
>  arch/x86/include/asm/msr-index.h |  1 +
>  arch/x86/include/asm/required-features.h |  2 +-
>  arch/x86/kernel/cpu/common.c |  4 
>  tools/arch/x86/include/asm/cpufeatures.h |  7 ++-

Also, please drop this change to tools/, see

https://lkml.kernel.org/r/20200622141737.ga30...@kernel.org

from today.

With those addressed:

Reviewed-by: Borislav Petkov 

Thx.

-- 
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

[PATCH v33 01/21] x86/cpufeatures: x86/msr: Add Intel SGX hardware bits

2020-06-17 Thread Jarkko Sakkinen 
From: Sean Christopherson 

Add X86_FEATURE_SGX from CPUID.(EAX=7, ECX=1), which informs whether the
CPU has SGX.

Add X86_FEATURE_SGX1 and X86_FEATURE_SGX2 from CPUID.(EAX=12H, ECX=0),
which describe the level of SGX support available [1].

Add IA32_FEATURE_CONTROL_SGX_ENABLE. BIOS can use this bit to opt-in SGX
before locking the feature control MSR [2].

[1] Intel SDM: 36.7.2 Intel® SGX Resource Enumeration Leaves
[2] Intel SDM: 36.7.1 Intel® SGX Opt-In Configuration

Cc: Borislav Petkov 
Acked-by: Jethro Beekman 
Signed-off-by: Sean Christopherson 
Co-developed-by: Jarkko Sakkinen 
Signed-off-by: Jarkko Sakkinen 
---
 arch/x86/include/asm/cpufeature.h|  5 +++--
 arch/x86/include/asm/cpufeatures.h   |  7 ++-
 arch/x86/include/asm/disabled-features.h | 18 +++---
 arch/x86/include/asm/msr-index.h |  1 +
 arch/x86/include/asm/required-features.h |  2 +-
 arch/x86/kernel/cpu/common.c |  4 
 tools/arch/x86/include/asm/cpufeatures.h |  7 ++-
 7 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/arch/x86/include/asm/cpufeature.h 
b/arch/x86/include/asm/cpufeature.h
index 59bf91c57aa8..efbdba5170a3 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -30,6 +30,7 @@ enum cpuid_leafs
CPUID_7_ECX,
CPUID_8000_0007_EBX,
CPUID_7_EDX,
+   CPUID_12_EAX,
 };
 
 #ifdef CONFIG_X86_FEATURE_NAMES
@@ -89,7 +90,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
   CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 17, feature_bit) ||\
   CHECK_BIT_IN_MASK_WORD(REQUIRED_MASK, 18, feature_bit) ||\
   REQUIRED_MASK_CHECK||\
-  BUILD_BUG_ON_ZERO(NCAPINTS != 19))
+  BUILD_BUG_ON_ZERO(NCAPINTS != 20))
 
 #define DISABLED_MASK_BIT_SET(feature_bit) \
 ( CHECK_BIT_IN_MASK_WORD(DISABLED_MASK,  0, feature_bit) ||\
@@ -112,7 +113,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
   CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 17, feature_bit) ||\
   CHECK_BIT_IN_MASK_WORD(DISABLED_MASK, 18, feature_bit) ||\
   DISABLED_MASK_CHECK||\
-  BUILD_BUG_ON_ZERO(NCAPINTS != 19))
+  BUILD_BUG_ON_ZERO(NCAPINTS != 20))
 
 #define cpu_has(c, bit)
\
(__builtin_constant_p(bit) && REQUIRED_MASK_BIT_SET(bit) ? 1 :  \
diff --git a/arch/x86/include/asm/cpufeatures.h 
b/arch/x86/include/asm/cpufeatures.h
index 02dabc9e77b0..545ac3e0e269 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -13,7 +13,7 @@
 /*
  * Defines x86 CPU feature bits
  */
-#define NCAPINTS   19 /* N 32-bit words worth of 
info */
+#define NCAPINTS   20 /* N 32-bit words worth of 
info */
 #define NBUGINTS   1  /* N 32-bit bug flags */
 
 /*
@@ -238,6 +238,7 @@
 /* Intel-defined CPU features, CPUID level 0x0007:0 (EBX), word 9 */
 #define X86_FEATURE_FSGSBASE   ( 9*32+ 0) /* RDFSBASE, WRFSBASE, 
RDGSBASE, WRGSBASE instructions*/
 #define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3B */
+#define X86_FEATURE_SGX( 9*32+ 2) /* Software Guard 
Extensions */
 #define X86_FEATURE_BMI1   ( 9*32+ 3) /* 1st group bit 
manipulation extensions */
 #define X86_FEATURE_HLE( 9*32+ 4) /* Hardware Lock 
Elision */
 #define X86_FEATURE_AVX2   ( 9*32+ 5) /* AVX2 instructions */
@@ -373,6 +374,10 @@
 #define X86_FEATURE_CORE_CAPABILITIES  (18*32+30) /* "" IA32_CORE_CAPABILITIES 
MSR */
 #define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store 
Bypass Disable */
 
+/* Intel-defined SGX features, CPUID level 0x0012:0 (EAX), word 19 */
+#define X86_FEATURE_SGX1   (19*32+ 0) /* SGX1 leaf functions */
+#define X86_FEATURE_SGX2   (19*32+ 1) /* SGX2 leaf functions */
+
 /*
  * BUG word(s)
  */
diff --git a/arch/x86/include/asm/disabled-features.h 
b/arch/x86/include/asm/disabled-features.h
index 4ea8584682f9..dbe534d5153f 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -28,13 +28,18 @@
 # define DISABLE_CYRIX_ARR (1<<(X86_FEATURE_CYRIX_ARR & 31))
 # define DISABLE_CENTAUR_MCR   (1<<(X86_FEATURE_CENTAUR_MCR & 31))
 # define DISABLE_PCID  0
+# define DISABLE_SGX1  0
+# define DISABLE_SGX2  0
 #else
 # define DISABLE_VME   0
 # define DISABLE_K6_MTRR   0
 # define DISABLE_CYRIX_ARR 0
 # define DISABLE_CENTAUR_MCR   0
 # define DISABLE_PCID  (1<<(X86_FEATURE_PCID & 31))
-#endif /* CONFIG_X86_64 */
+# define DISABLE_SGX1  (1<<(X86_FEATURE_SGX1 & 31))
+# define DISABLE_SGX2  (1<<(X86_FEATURE_SGX2 & 31))
+ #endif /*